The decentralized architecture of the Internet, which has been key to its development and worldwide deployment, is making it challenging to secure Internet user experience. Many organizations claim to be playing a role in improving Internet security. If anything, the space of security-related institutions seems on ﬁrst inspection to be over-populated, yet poor security persists. This work proposes a framework to understand the role diﬀerent institutions play in cyber security. The analysis gives insights into the broad institutional ecosystem of public, private and international actors, and the varied nature of these institutions, their interests, incentives, and contributions to cyber security from hardware, software, protocols, standards and regulation. Based on natural language clustering algorithms, this framework classiﬁes institutions along ﬁve dimensions: the aspect of cyber security the institution covers, the industry and activity sector of the institution, whether it is part of a speciﬁc jurisdiction, speciﬁc institution’s characteristics such as its working mode or primary focus, and the institution governance type. This work is based on a dataset that was developed including approximately 120 institutions playing a role in cyber security. Using this framework, it is possible to better understand the nature of the large number of organizations currently shaping cyber security, the relationship between them, areas of competing and overlapping institutional interest, and the overall structure of institutional responses to cyber security.